<?php

/*
 * [HZTCcms] (C)2001-2018 AoSheWeb Inc.
 * This is NOT a freeware, use is subject to license terms.
 * 
 * Document   : PublicAction.class.php
 * Encoding   : UTF-8
 * Created on : 2011-11-24, 17:15:52
 * Author     : leefire yunzhi.li.08@gmail.com 464328282
 * Site       : http://www.aosheweb.com
 * Description: 
 */

class PublicAction extends CommonAction {
    /*
     * 管理后台登陆
     * @access	public
     * @param	void
     * @return	void
     */

    public function login() {
	if (!isset($_SESSION[C('USER_AUTH_KEY')])) {
	    $this->display();
	} else {
	    $this->redirect('Index/index');
	}
    }

    /*
     * 管理后台登出
     * @access	public
     * @param	void
     * @return	void
     */

    public function logout() {
	if (isset($_SESSION[C('USER_AUTH_KEY')])) {
	    unset($_SESSION[C('USER_AUTH_KEY')]);
	    unset($_SESSION);
	    session_destroy();
	    $this->_message('success', '登出成功', __URL__ . '/login/');
	} else {
	    $this->_message('error', '已经登出！');
	}
    }

    /*
     * 登陆验证
     * @access	public
     * @param	void
     * @return	void
     */

    public function checkLogin() {
	if (empty($_POST['username'])) {
	    $this->_message('error', '帐号必须填写！');
	    exit();
	} elseif (empty($_POST['password'])) {
	    $this->_message('error', '密码不能为空！');
	    exit();
	} elseif (empty($_POST['verify'])) {
	    $this->_message('error', '验证码必须！');
	    exit();
	}
	//生成认证条件
	$map = array();
	// 支持使用绑定帐号登录
	$map['username'] = $_POST['username'];
	$map["status"] = array('gt', 0);
	if ($_SESSION['verify'] != md5($_POST['verify'])) {
	    $this->_message('error', '验证码错误！');
	    exit();
	}
	import('@.ORG.RBAC');
	$authInfo = RBAC::authenticate($map);

	//使用用户名、密码和状态的方式进行认证
	if (null === $authInfo) {
	    $this->_message('error', '帐号不存在或已禁用！');
	    exit();
	} else {
	    if ($authInfo['password'] != md5($_POST['password'])) {
		$this->_message('error', '密码错误！');
		exit();
	    }
	    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
	    $_SESSION['email'] = $authInfo['email'];
	    $_SESSION['loginAdminName'] = $authInfo['username'];
	    $_SESSION['lastLoginTime'] = $authInfo['lastlogintime'];
	    $_SESSION['loginCount'] = $authInfo['logincount'];
	    if ($authInfo['username'] == C('ADMIN_AUTH_KEY')) {
		$_SESSION[C('ADMIN_AUTH_KEY')] = true;
	    }
	    //保存登录信息
	    $User = M('Admin');
	    $ip = get_client_ip();
	    $time = time();
	    $data = array();
	    $data['id'] = $authInfo['id'];
	    $data['lastlogintime'] = $time;
	    $data['logincount'] = array('exp', 'logincount+1');
	    $data['lastloginip'] = $ip;
	    $User->save($data);

	    // 缓存访问权限
	    RBAC::saveAccessList();
	    $this->_message('success', '登录成功！', U(APP_NAME . '://' . GROUP_NAME . '-Index/index'));
	}
    }

    /*
     * 管理员修改密码模板显示
     * @access	public
     * @param	void
     * @return	void
     */

    public function password() {
	$this->display();
    }

    /*
     * 检查用户是否登陆系统
     * @access	protected
     * @param	void
     * @return	void
     */

    protected function checkUser() {
	if (!isset($_SESSION[C('USER_AUTH_KEY')])) {
	    $this->_message('error', '没有登录', __URL__ . '/login');
	}
    }

    /*
     * 密码修改方法
     * @access	public
     * @param	void
     * @return	void
     */

    public function changePassword() {
	$this->checkUser();
	$oldpw = $_POST['oldpassword'];
	$newpw = $_POST['newpassword'];
	$repw = $_POST['repassword'];
	$map = array();
	$map['id'] = $_SESSION[C('USER_AUTH_KEY')];
	$map['password'] = md5($oldpw);
	//检查用户
	$User = M("Admin");
	if (!$User->where($map)->field('id')->find()) {
	    $this->error('旧密码不符或者用户名错误！');
	} elseif ($newpw != $repw) {
	    $this->_message('error', '重复密码必需一致！');
	} else {
	    if ('' == trim($newpw)) {
		$this->_message('error', '密码不能为空！');
	    }
	    $User = M('Admin');
	    $User->password = md5($newpw);
	    $User->id = $_SESSION[C('USER_AUTH_KEY')];
	    $result = $User->save();
	    if (false !== $result) {
		$this->_message('success', "密码修改为：$newpw");
	    } else {
		$this->_message('error', '重置密码失败！');
	    }
	}
    }

}

?>
